How to find the SSL certificate used by LDAPS

Posted on June 9, 2017 by Oliver Marshall

Sometimes you are dumped into situations at short notice and need to get an answer at fairly short notice. It was in this type of situation that I found myself when I popped into a friend's office and they had a query about certificates for their developer team.


It came down to knowing which certificate was being presented by a server for secure LDAP. Their friendly IT bod wasn’t available and I didn’t have access to the server. They just needed to be able to identify the certificate.

It turns out that OpenSSL was our friend. Grabbing the Windows version of OpenSSL and extracting the exe was the first point of call.

Then we used the following command, replacing servername with the actual server name:

openssl.exe s_client -connect servername:636

This gave us the following output which was enough to identify the certificate and the dev-pidgeon-chap was happy.
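
To cut that output down to the fields that identify a certificate (subject, issuer, serial, validity dates and SHA-256 fingerprint), the s_client output can be piped into openssl x509. The script below is an added example, not part of the original post; it assumes a POSIX shell with openssl on the PATH, and the function names and the sample text are made up for illustration.

```shell
#!/bin/sh
# Added example: identify the certificate a server presents on LDAPS (port 636).
# Function names are illustrative, not from the original post.

# Keep only the first PEM block from s_client output. With -showcerts the
# server's own (leaf) certificate is printed first, followed by any chain
# certificates it sends.
leaf_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on                            { print }
         /-----END CERTIFICATE-----/   { if (on) exit }'
}

# Connect, take the leaf certificate and print its identifying fields.
# </dev/null makes s_client exit after the handshake instead of waiting on stdin.
ldaps_cert() {
    host=$1
    port=${2:-636}
    openssl s_client -connect "${host}:${port}" -showcerts </dev/null 2>/dev/null |
        leaf_pem |
        openssl x509 -noout -subject -issuer -serial -dates -fingerprint -sha256
}

# Constructed sample of s_client -showcerts output (placeholder bodies,
# not real certificates), used to exercise leaf_pem offline.
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = dc01.example.test
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED-LEAF-PLACEHOLDER
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED-ISSUING-CA-PLACEHOLDER
-----END CERTIFICATE-----
---
EOF
}

# Usage: sh ldaps_cert.sh servername [port]
if [ "$#" -ge 1 ]; then
    ldaps_cert "$@"
fi
```

s_client does not abort when chain verification fails, so this reports whatever certificate the server presents, trusted or not, which is what you want when the goal is only to identify it.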
